
CSOs - are you prepared for cloud cryptojacking?

18 Feb 2019

Article by Bitglass Australia APJ vice president David Shephard

Cloud cryptojacking – hijacking cloud resources to mine for cryptocurrency – is currently the fastest-growing cybersecurity threat to the enterprise.

A recent report found that almost half of the organisations surveyed have malware in one of their cloud applications, making it one of the biggest threats to organisations.

This malware sees cybercriminals regularly stealing processing power from devices and other resources in order to mine cryptocurrency.

The trend is showing no signs of slowing down anytime soon.

This is because the rising popularity and value of cryptocurrencies like Bitcoin and Monero have made large-scale cryptojacking a highly lucrative proposition.

As such, it should come as no surprise that hackers are targeting data centres and vulnerable websites that can help them boost their mining capabilities.

Today, cloud-based resources are the main focus for hackers looking to mine cryptocurrency.

In particular, infrastructure-as-a-service (IaaS) platforms are being targeted because they offer virtually infinite resources and an environment where attackers can operate under the radar and go largely undetected.

A perfect storm

The threat delivery methods used by cybercriminals to initiate cryptojacking are similar to those utilised for other types of threats, such as ransomware or adware.

Typically, hackers will use phishing emails to load cryptomining code on to a device, or they will infect a website with JavaScript code that auto-executes once loaded into the victim’s browser.

This code then runs surreptitiously in the background, meaning it can take a significant amount of time before individuals realise they’ve been compromised.

By combining cloudjacking – the act of stealing processing power and storage from a cloud account – with cryptojacking, criminals are able to accelerate the rate at which they illicitly mine cryptocurrency.

Tesla is one of the high-profile organisations that has fallen victim to this type of attack.

Earlier in 2018, it was discovered that some of its Amazon Web Services (AWS) infrastructure was being appropriated for mining.

The criminals responsible for the attack concealed their activities from conventional firewall and intrusion detection systems by hiding the IP addresses of their mining programs behind a content delivery network; they also throttled the mining software to ensure that it did not trigger high-usage-detection systems.
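The throttling described above is why a peak-CPU alarm on its own misses this kind of miner. As an added illustration (not part of the original article), the Python sketch below compares a peak threshold with a sustained-flat-load check over constructed hourly CPU samples; the instance names, thresholds and data are all assumptions.

```python
from statistics import mean, pstdev

# Constructed hourly CPU utilisation (%) over 24 hours.
# Instance names and values are illustrative, not real telemetry.
SAMPLES = {
    # Normal daily cycle: quiet overnight, busy in working hours.
    "web-1": [6, 5, 5, 4, 5, 8, 15, 30, 45, 55, 60, 58,
              62, 57, 55, 50, 48, 40, 30, 22, 15, 10, 8, 6],
    # Scheduled batch jobs: idle with short, legitimate bursts.
    "batch-1": [3, 3, 4, 3, 95, 97, 96, 4, 3, 3, 3, 4,
                3, 3, 94, 96, 95, 3, 4, 3, 3, 3, 4, 3],
    # Throttled workload: never idle, never busy enough to alarm.
    "app-node-3": [39, 41, 40, 38, 40, 42, 41, 39, 40, 40, 41, 39,
                   38, 40, 42, 41, 40, 39, 40, 41, 40, 39, 41, 40],
}

PEAK_ALERT = 90.0  # assumed high-usage alarm threshold
FLOOR_MIN = 30.0   # assumed: utilisation never falls below this
CV_MAX = 0.10      # assumed: stdev / mean at or below this is "flat"


def peak_alert(series):
    """Classic high-usage check: fires only when any sample crosses the threshold."""
    return max(series) >= PEAK_ALERT


def sustained_flat_load(series, floor=FLOOR_MIN, max_cv=CV_MAX):
    """Flags load that never goes idle and barely varies across the window."""
    mu = mean(series)
    if mu == 0:
        return False
    cv = pstdev(series) / mu  # coefficient of variation
    return min(series) >= floor and cv <= max_cv


def triage(samples):
    """Runs both checks per instance so the gap between them is visible."""
    return {
        name: {"peak": peak_alert(s), "flat": sustained_flat_load(s)}
        for name, s in samples.items()
    }


if __name__ == "__main__":
    for name, result in triage(SAMPLES).items():
        print(f"{name:12} peak_alert={result['peak']!s:5} flat_load={result['flat']}")
```

A flat-load hit is a triage signal rather than proof of mining, since legitimate steady workloads produce the same shape; it is a prompt to review the instance's running processes and outbound connections.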

How to prevent cryptojacking

Incorporating cryptojacking into existing employee security awareness training is a vital preventative step. The more employees know, the better equipped they will be to avoid falling prey to an attack. As always, it’s important to focus on the way that hackers use highly targeted phishing techniques to gain access to IT environments.

Additionally, as many attacks are delivered via auto-executing cryptojacking scripts on websites, deploying ad-blocking and anti-cryptomining extensions on web browsers is also important.

Next, a simple and effective step is to make sure that strong passwords and multi-factor authentication are in place for all cloud apps and IT assets.

Attackers compromised Tesla’s environment through an administration console that was not password protected.

Exchanging default passwords for strong, alphanumeric credentials and enforcing multi-factor authentication are must-haves for ensuring the protection of sensitive enterprise assets.

Prioritise the first line of defence

Promptly installing patches and software updates is another action that will ensure endpoints and cloud-based tools have their security gaps filled, protecting them from the latest threats.

Many successful cloud cryptojacking attacks have exploited well-known vulnerabilities that were left unsecured by enterprises and employees who failed to implement patches in a timely manner.

Similarly, deploying cloud-based advanced threat protection (ATP) helps defend against known and zero-day malware that can be used to launch cryptomining attacks.

With the correct tools in place, any threat can be detected and blocked as it is uploaded to any app, downloaded to any device, or at rest in the cloud.

This is ideally achieved through an agentless solution because agent-based endpoint tools like mobile device management (MDM) can harm device functionality, invade user privacy, and, consequently, prove incredibly difficult to deploy on employees’ personal devices.

As bring-your-own-device (BYOD) is becoming common within the vast majority of organisations, securing personal devices through agentless solutions is an absolute must.

In recent months, there’s been a sharp increase in the number of reported cryptojacking incidents.

Organisations cannot afford to ignore the threat that malicious mining poses.

In addition to increasing energy costs, attacks can also harm system performance for users and customers – which can cause lasting brand damage.

By rigorously reviewing first-line defences, organisations can ensure that they do not become victims of this latest cyber threat.
